Master's Thesis Pascal Herrmann

Last modified Feb 15, 2023

Abstract:

Traditionally, higher education credentials, such as Bachelor's or Master's degrees, have been issued by universities in the form of physical paper documents. Because they vary in structure and appearance across institutions worldwide, verifying the trustworthiness of these documents is challenging. Often, this leads to manual and laborious verification processes for both credential holders and relying parties.
Recently, the World Wide Web Consortium has released a specification for Verifiable Credentials supporting the idea of Self-Sovereign Identity. Based on an interoperable, trusted data infrastructure, entities have full control over their digital identities and can issue and receive credentials as cryptographically verifiable claims.

In this thesis, we explore how W3C verifiable credentials can be applied to the context of higher education diplomas and in particular, how they can be verified by relying parties to ensure their contents are trustworthy.
To this end, we identify a set of required verification checks, evaluating different aspects such as the credential's integrity or revocation status. In addition, we require the presenter to prove ownership over the submitted credential and confirm their personal identity by providing a cryptographically linked ID credential.

Furthermore, we design a concept for an interoperable, hierarchically structured trusted issuer registry, serving relying parties as a trust anchor for issuer identification. We also provide a proof of concept of how such a registry can be implemented as a smart contract on the Ethereum blockchain, which is maintained by a set of independent entities and governed on-chain by a majority-voting-based consensus mechanism.

We analyze and evaluate the landscape of available open-source SSI libraries and how they can facilitate the development of verifier software. Ultimately, we apply the findings of our research questions to implement a prototype for a verification service that relying parties can easily integrate into their systems to verify given academic credentials.

Research Questions:

RQ1: What is an effective validity check for verifiable credentials?

  • What checks must be performed, and in what order?
  • What data must be fetched?
  • What error states are possible? How should they be communicated?

RQ2: What SSI libraries shall be used in the implementation of the verification service? Which type of infrastructure is suited?

  • Which criteria must SSI libraries fulfill to be well-suited for this use case?
  • What SSI libraries exist, and how do they fulfill these criteria?

RQ3: How can a trusted issuer registry be designed and implemented to serve as a trust anchor for verifying issuers of digital credentials?

  • Which type of infrastructure is suited?
  • What information must be stored?
  • How can new issuers be added while maintaining a high level of trust?
  • How can the trusted issuer registry be implemented?

Files and Subpages

| Name | Type | Size | Last Modification | Last Editor |
|---|---|---|---|---|
| Pascal Herrmann Master Thesis.pdf | | 3,47 MB | 15.02.2023 | |
| Pascal Herrmann MT Final Presentation.pdf | | 16,04 MB | 15.02.2023 | |
| Pascal Herrmann MT Kickoff_Slides.pdf | | 2,44 MB | 15.02.2023 | |